In this case, attackers have been offering a trojanized update for a legitimate online banking app distributed by South Korea's NH Nonghyup Bank. The Android app is used by up to 10 million people.
Running the malicious app triggers a screen asking users to enter their account details. "Should the user comply, their information would be sent to a remote malicious server controlled by the cybercriminal," said Peter Yan, a Trend Micro mobile security engineer, in a blog post. In other words, people who fall for the attack would be likely targets for cybercriminals trying to drain their bank accounts